[Users] OpenVZ Security / Trusted and Untrusted networks
Scott Dowdle
dowdle at montanalinux.org
Thu Mar 7 12:21:52 EST 2013
Axton Grams,
----- Original Message -----
> I wanted to solicit general feedback on this platform's security with
> relation to using a HN that serves VPSs for both trusted and
> untrusted networks.
I'm not a network person so I won't even attempt to answer that.
> I'm curious if there have been any CVEs or
> other errata, historically, that would have implications in this
> scenario.
I'm not aware of any OpenVZ-specific CVEs in the ~12 years that Virtuozzo and OpenVZ have existed. I do not claim there have never been security issues... because I have no idea.
> Are there implications of using venet versus veth interfaces in this
> arrangement?
I'd recommend you read the wiki page that discusses the differences between venet and veth... because it doesn't sound like you have read it:
https://wiki.openvz.org/Differences_between_venet_and_veth
> I am also concerned about the containment of the containers. Have
> there been scenarios where people have been able to break out of the
> CT and gain access to or otherwise manipulate the HN?
Again, not that I'm aware of... in the 12 years... but then again my familiarity with this stuff only started about 6.5 years ago.
TYL,
--
Scott Dowdle
704 Church Street
Belgrade, MT 59714
(406)388-0827 [home]
(406)994-3931 [work]